We need to give an option in the web application to import a self-signed certificate (basically for customers who need to use their own certificates). Is it possible to import a self-signed certificate which the customer already has (uploading through the web and importing from keytool), or should we generate the certificate with his details every time? (We are using keytool to generate certificates.)
Are these client certificates or server certificates? As to importing existing or generating new, you could do either.
Regardless, I'd strongly recommend against editing a keystore using keytool from within an application. Instead, assuming you're working with APIs that utilize the classes in the javax.net.ssl package, you can provide custom implementations that perform your own validations against a trusted set of certificates, and extend this to almost anything you would need. This can even be configured into something like Apache Tomcat using the trustManagerClassName configuration option, as documented at http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#SSL_Support.
(Primarily posting this answer in an attempt to either get this question some additional attention / competitive answers, or at the least, to simply remove this from the growing list of unanswered questions.)
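As an added example (not code from the answer above), one way to write the custom trust manager it describes: uploaded certificates go into an in-memory trust set, so no keystore file is edited with keytool. The class name `UploadedCertTrustManager`, the `register` method and its alias parameter are assumptions made for this sketch.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Trusts only certificates registered at runtime; no keystore file on disk is edited. */
public class UploadedCertTrustManager implements X509TrustManager {
    private final KeyStore store;               // in-memory trust set
    private volatile X509TrustManager delegate; // null until a certificate is registered

    public UploadedCertTrustManager() throws Exception {
        store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null);                 // start empty
    }

    /** Parse an uploaded PEM or DER certificate, check its validity dates, then trust it. */
    public synchronized X509Certificate register(String alias, InputStream upload) throws Exception {
        X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(upload);
        cert.checkValidity();                   // rejects expired or not-yet-valid uploads
        store.setCertificateEntry(alias, cert);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);                        // rebuild the validator over the new trust set
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) delegate = (X509TrustManager) tm;
        }
        return cert;
    }

    private X509TrustManager active() throws CertificateException {
        X509TrustManager tm = delegate;
        if (tm == null) throw new CertificateException("no trusted certificates registered");
        return tm;                              // fail closed while the trust set is empty
    }

    @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { active().checkClientTrusted(chain, authType); }
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { active().checkServerTrusted(chain, authType); }

    @Override public X509Certificate[] getAcceptedIssuers() {
        X509TrustManager tm = delegate;
        return tm == null ? new X509Certificate[0] : tm.getAcceptedIssuers();
    }
}
```

An instance can be passed to `SSLContext.init(null, new TrustManager[]{ tm }, null)`; persisting the registered certificates across restarts is left to the application's own storage.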